<div>
  One of the searches Hudson does on LDAP is to locate the list of groups for a user.
  <p>
    This field determines the query to be run to identify the organizational unit that
    contains groups. The query is almost always <tt>"ou=groups"</tt> so try that first,
    though this field may be left blank to search from the root DN.
  </p><p>
    If login attempts result in "Administrative Limit Exceeded" or similar error, try to
    make this setting as specific as possible for your LDAP structure, to reduce the scope
    of the query. If the error persists, you may need to edit the
    <tt>WEB-INF/security/LDAPBindSecurityRealm.groovy</tt> file that is included in
    <tt>hudson.war</tt>. Change the line with: <br/>
    <tt>groupSearchFilter = "(| (member={0}) (uniqueMember={0}) (memberUid={1}))";</tt><br/>
    to query only of the field used in your LDAP for group membership, such as: <br/>
    <tt>groupSearchFilter = "(member={0})";</tt><br/>
    Then restart Hudson and retry the login.
  </p>
</div>
